Adobe Systems Inc. earlier this week warned its users that hackers were using vulnerabilities in its Flash application to compromise user systems. The hacks were discovered by Kaspersky Lab, itself embroiled in controversy over collusion with Russian intelligence agencies responsible for alleged interference in US political and government matters.
Kaspersky Lab reported that malware known as FinSpy or FinFisher was being used by a hacking group called BlackOasis, which it has been tracking for some time. The group has planted malicious software on an unknown number of computers and then connected them back to its servers. The known attacks so far have been executed in Switzerland, the Netherlands and Bulgaria. Victims have also been identified in Russia, the UK, Afghanistan and Iran, as well as parts of Africa and the Middle East.
Adobe has already issued a security fix for the problem, which covers users of Google Chrome, Microsoft Edge and Internet Explorer.
Flash has long been criticized for its security vulnerabilities, and Adobe announced in July this year that the platform would be phased out by 2020. But the fact that BlackOasis has used vulnerabilities that were not widely known shows that Flash users could continue to be at risk until they stop using it.
Data from Google Chrome shows that 80 percent of desktop users were using Flash as of 2014. Today, that figure is down to 17 percent, but that still represents a massive number considering the fact that Chrome is the most used desktop browser in the world. Assuming there are about 2 billion PCs and other desktop devices currently in use, 17 percent translates to about 340 million users still viewing Flash content.
Google has warned website owners several times in the past about Flash content, and recent Chrome versions have automatically started blocking Flash content on websites.